My first thought would be simply that it isn’t an easy task to accomplish.
Most LDAP servers store their content in a database, so you’d need to
interface through an API for adding the users.

Which LDAP head would you support? 389 LDAP? OpenLDAP? Active Directory?

Which attributes would you support? There is the somewhat standard way that
RHEL families expect you to configure things, the naming style that
authconfig expects, though you can override everything… Then there’s the
way Debian expects things to be named. Group membership can be defined as
having the groups list be a string attribute of the user, or a user list
be a string attribute of the group, or you can use one of three different
object types and structures to assign user/group relationships…

I’d say go for it.

In my group we threw up our hands at LDAP and went for AD (which also
supports tie-in with the routers and firewalls, and it looks easier to
develop an OpenID auth service that is backed by AD than one backed by
LDAP, which would get us central authentication to Chef as well).

On Sun, Dec 30, 2012 at 10:57 AM, Jay Flowers <email@example.com> wrote:

Maybe I am missing something… I am surprised that I cannot find a LWRP
to create ldap users. I would have thought it common to iterate over a
data_bag set managing ldap users. When I search around I do not find
evidence that this is common, i.e. no LWRP for creating ldap users…
Would this be a bad practice for some reason I do not see? Or is there
some other reason no one has yet to create and publish a LWRP for this?